blob: a96a2b0112aa8dab0902c743ce31bb0386977c35
Candidate:
Description:
file permissions can be circumvented via information in /proc
References:
http://securityfocus.com/archive/1/507386/30/30/threaded
http://lwn.net/Articles/359219
Notes:
From discussion on Bugtraq, it appears that this problem is exposed because of
some Debian-specific patches (upstream is not affected). At this point, I am
noting the issue because there appears to be something to it, but I have not
studied it in detail nor verified any claims.
.
dannf> I don't see anything Debian-specific about it. I can reproduce on 2.6.32
and RHEL5.
Bugs:
upstream: ignored "no upstream fix"
linux-2.6: ignored "no upstream fix"
2.6.18-etch-security: ignored "no upstream fix"
2.6.24-etch-security: ignored "no upstream fix"
2.6.26-lenny-security: ignored "no upstream fix"